The postal model of privacy

On February 25, 2008, the FCC held a hearing on network management practices in the Ames Courtroom at Harvard Law School, hosted by the Berkman Center. In that hearing David P. Reed, one of the Internet’s founding scientists, used a plain envelope to explain how the Internet worked, and why it is wrong for anybody other than intended recipients to look inside the contents of the virtual envelopes in which communications are sent over the Internet. It was a pivotal moment in the debate, because the metaphor illustrated clearly how the Internet was designed to respect privacy.

Respect, that is. Not protect.

In the early days of postal communications, the flaps of envelopes were sealed with blobs of wax, usually imprinted by the sender with a symbol. These expressed the intent of the sender — that the contents of the letter were for the eyes of the recipient only. Yes, a letter could be opened without breaking the seal, but not without violating the wishes of the sender.

The other day I wrote, “clothing, for example, is a privacy technology. So are walls, doors, windows and shades.” In the physical world we respect the intentions behind those technologies as well, even though it might be easy to pull open the shirts of strangers, or to open closed doors without knocking on them.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

I see three ways to approach these violations.

One is to rely on geeks and whistleblowers to pull the pants down on violators. In Welcome to the end of secrecy, Jeff Jarvis says the very openness that invites privacy violations is our best protection against the secrecy concealing those violations.

Another is through the exercise of law. In The Only Way to Restore Trust in the NSA, security guru Bruce Schneier writes, “The public has no faith left in the intelligence community or what the president says about it. A strong, independent special prosecutor needs to clean up the mess.” And that’s on top of moves already being made by legislators, for example in South Africa. Given the scale of the offenses now coming to light, we’ll see a lot more of that, even if no special prosecutors get appointed. The law of the jungle will give way to a jungle of new laws. Count on it.

The third is through business — specifically, business modeled on postal services. For many generations, postal services have respected the closed envelope as a matter of course. Yes, we knew there were times and places when mail could be inspected for legitimate reasons. And there were also many things it was not legal to do, or to send, through postal systems. But, on the whole, we could trust them to keep our private communications private. And we paid for the service.

The Googles of the world — companies making their money on advertising — aren’t likely to take the lead here, because they have too much invested in surveillance (of the legal sort) already. But others will step forward. The market for privacy is clear and obvious, and will only become more so as the revelations of abuse continue to pour out.

Perhaps the businesses best positioned to offer secure communications are the postal services themselves. They’ve already been disrupted plenty. Maybe now is the time for them to do some positive disruption themselves.

10 comments

Hear, hear! Email via the USPS (if I understand you correctly). I’d gladly pay for it, it'd bring the USPS back into relevance, be a big boost to USPS revenue, be a (potentially) great source of trustworthy email service…all sorts of benefits.

How many times have we seen spy movies in which mail has been opened, copied, resealed, and sent on? Steaming open postal envelopes has been going on for the last two centuries, yes?

Governments have never respected the privacy of their citizens. They have always found compelling reasons to violate citizens’ rights ‘in this case.’ Spy agencies exist, after all, to break laws: overtly breaking the laws of other nations, but when an organization has as its mission statement ‘We Break Laws,’ how can they resist breaking the laws of their own nation?

What keeps postal documents private, to the extent that they have remained private (in the US it seems the metadata of the addresses and information on the outside of the envelope has been copied and stored for at least the past decade – on every piece of mail, evidently), is that governments have so far been unable to muster the manpower and expense to open every single piece of mail passing through their territories. The internet and computers just make this feasible.

An interesting evidence of this can be found in the movie Pascali’s Island, in which Ben Kingsley plays an agent of the Turkish government charged with spying on everything that goes on in his small island. He latches onto Brits Charles Dance and Helen Mirren, convinced they are British spies working against the Turkish government. Pascali sends in all his reports, and in this case, on this small island, the government espionage does have the manpower (Basil Pascali) to spy on everybody … but the final scene shows what happens to Pascali’s reports: they are filed away unread in a vast storage hall like that of the estate of Charles Foster Kane.

The digital equivalent of these vaults, like that at the end of Raiders of the Lost Ark, is now open in Utah.

Of course we can look at bad acting by governments, and by postal services in particular, and say All Is Lost. It looks to me like that’s your point here, pond. But that’s not my job. I’m here to encourage the building of stuff.

In compressed form, here are my three points with this post:

1) There is market demand for business (and not just for new laws and whistle-blowing) to provide truly (or at least relatively) secure and trustworthy communication services;

2) There is a well-understood model for trustworthy communication services in postal services; and

3) The postal services themselves (both public and private) may have some opportunities to serve that demand. I should add that I’ve spoken to a number of postal services that are looking seriously at new business opportunities.

Whether they can come through is another question. But I do think the possibility is worth bringing up.

We quickly forget the evolving role of telcos in the internet. It’s maybe not so clear in the US as here in the UK.

This post is UK specific, so has little relevance to the US’s constitutionally defined roles and responsibilities. However, several commentators have wondered why the UK isn’t as exercised about all this as, for example, Germany or the US. I offer a little history.

Here in the UK most people over 40 will remember placing calls via a human operator. A real life person who had a direct interaction with both caller and receiver when reversing the call charges. In smaller towns and villages this meant that the operator knew who was phoning who, when and often, given their overarching view, could assume why.
This was socially accepted as the operators were usually local and subject to the same social norms as the friends and neighbors they ‘surveilled’.
But they were also employees of the GPO (General Post Office) with a national security obligation and had a direct reporting route into the national security apparatus, so that, if they felt that something fishy was afoot (especially in times of war), they were assumed to be both reliable and honest witnesses.
No-one assumed secrecy in an operator-mediated system. They assumed discretion on the part of the operator.
Is an ISP any different just because the data is packet-based rather than analogue?
It conducts all the same functions as the old operator.

The shift from public ownership to private and from land-lines to mobile has not changed the underlying model of presumed access (as far as telco users are concerned) and assumed responsibility (on the part of the national security apparatus). And though both are now legally defined under the license terms of privatised telcos, few of the UK’s public know how their comms systems actually work, so often assume a similar design ethos to the US, where constitutionally defined rights are a starting point for systems organisation.

That British Telecom evolved from the GPO is no accident, but neither is it necessarily a designed progression intent on increased surveillance.
What was a conscious decision was the explicit design of terms and conditions for the sale of spectrum bandwidth in the 1990s & early 2000s.

I believe that we should look at the T&Cs of access to comms spectrum, and a fundamental misunderstanding of the nature of comms networks as a primary source of security or insecurity of communications rather than the post-fact actions of security services whose explicit remit is to explore all avenues available.
That’s not to suggest that oversight isn’t desirable or necessary, merely that in the UK at least, the separation of service provision and oversight (provided by both social and fiduciary means) has parallels to other breakdowns in social trust that have their roots in changes in data flow. For example; bank misdeeds, distrust in politicians and issues around trust in scientific data.
It appears to be wrong under the spirit of US law, but under both the spirit and detail of UK law it’s difficult to see this as much more than the world getting used to the Internet.

In days gone by our ‘global’ comms system was actually a constellation of local systems operating to local social and legal norms. Intelligence data was shared at a diplomatic level for competitive advantage, whether commercially or militarily.

There seems to be an assumption that the simple paint-over of that model by use of a common language (TCP/IP) has somehow altered its fundamental make-up. It has not, and the adjustment of the technology to wrap data in a digital envelope doesn’t change that fact. As long as legal and social systems are heterogeneous there will be entry points for covert surveillance through international cooperation as a means to bypass local rights. It frankly doesn’t matter one jot whether the US populace feels aggrieved or the Germans are plunged into existential angst if the wider English speaking world or the Mandarin speaking world or the Spanish speakers decide to gang up on their ‘opposition’.

Against most evidence, US Congress doesn’t set UK law. The EU & UK governments do that. And against most evidence, the US doesn’t set global social norms. So while I’m not saying Brits explicitly like spies and respect code breakers, there is a history here that forms a backdrop to the national mindset, and it looks towards Bletchley Park, Alan Turing & James Bond rather than The Stasi, Senator McCarthy or Hoover’s G-Men.

The time and place to look for a failure of oversight is the sale of rights to spectrum access, but a global technological fix for a perceived lack of communicational security, especially a US-led one, seems unlikely. The righteous indignation with respect to Huawei hardware looks like a starting point rather than an end point right now.

To me these events and discoveries are more likely to work to fragment the rough and ready constellation of networks into national gardens once more. This would force comms through regulated conduits, making in-out surveillance even easier, and I tentatively suggest that in the legislation of whatever-comes-next those carrying out oversight do a better job, if legally-enshrined privacy is their aim.